CustomAuthenticationSuccessHandler
package com.mengxuegu.security.authentication;
import com.mengxuegu.base.result.MengxueguResult;
import com.mengxuegu.security.properties.AuthenticationProperties;
import com.mengxuegu.security.properties.LoginResponseType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import com.alibaba.fastjson.JSON;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component("customAuthenticationSuccessHandler")
public class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
private AuthenticationProperties authenticationProperties;
/**
* 认证成功后处理逻辑
* @param authentication 封装了用户信息UserDetails、访问IP等
*/
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
Authentication authentication) throws IOException, ServletException {
Logger logger = LoggerFactory.getLogger(getClass());
if (LoginResponseType.JSON.equals(authenticationProperties.getLoginType())){
// 认证成功后,响应JSON字符串
MengxueguResult result = MengxueguResult.ok("认证成功");
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(result.toJsonString());
}
else {
//重定向到上次请求的地址上,引发跳转到认证页面的地址
logger.info("authentication: " + JSON.toJSONString(authentication));
super.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
}
}
}
CustomAuthenticationFailureHandler
package com.mengxuegu.security.authentication;
import com.mengxuegu.base.result.MengxueguResult;
import com.mengxuegu.security.properties.AuthenticationProperties;
import com.mengxuegu.security.properties.LoginResponseType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component("customAuthenticationFailureHandler")
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Autowired
private AuthenticationProperties authenticationProperties;
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception) throws IOException,ServletException {
if(LoginResponseType.JSON.equals(
authenticationProperties.getLoginType())) {
// 认证失败响应JSON字符串,
MengxueguResult result = MengxueguResult.build(HttpStatus.UNAUTHORIZED.value(),
exception.getMessage());
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(result.toJsonString());
}
else {
// 重写向回认证页面,注意加上 ?error
super.setDefaultFailureUrl(authenticationProperties.getLoginPage()+"?error");
super.onAuthenticationFailure(request, response, exception);
}
}
}
